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(57) Abstract 

pubomputer system (100) that uses a random access memory (1 02) or equivalent memory to store operating system data and "persistent" 
data (1 12), Le^ any data stored in the random access memory (102) that is designated to be retained after a system reset, includes a recovery 
boot system that implements a method for recovering the persistent data after a system reset that necessitates re-initialization of the 
random access memory (102) with operating system data. The recovery boot system allocates the random access memory (102) during 
re-initialization such that new memory allocations do not conflict with persistent data (102) allocations made prior to the system reset 
After fundamental operating system data are initialized, the persistent data (112) are recovered. Thereafter, the remainder of the data to be 
re-initialized can be stored in any available location in the random access memory (102). 
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RECOVER* BOOT PROCESS 
6regg B. Kellogg 

ffRQSS-FEFKRFNCr TO MICROPTPHP ^p^^e 

Appendix A, which is a part of the present 
5 disclosure, is a microfiche appendix consisting of 
3 sheets of microfiche having a total of 154 frames. 
Microfiche Appendix A is a computer program listing of 
boot code for use in one embodiment of this invention, 
which is described more completely below. 
10 Appendix B, which is a part of the present 

disclosure, is a microfiche appendix' consisting of l sheet 
of microfiche having a total of 21 frames. Microfiche 
Appendix B is a ROM valid listing defining the data 
structure of a ROM according to one embodiment of this 
15 invention, which is described more completely below. 

A portion of the disclosure of this patent document 
contains material which is subject to copyright 
protection. The copyright owner has no objection to the 
.facsimile reproduction by anyone of the patent document or 
20 the patent disclosure, as it appears in the Patent and 
Trademark Office patent files or records, but otherwise 
reserves all copyright rights whatsoever. 

BftCKgROPNT) OP TUB Tuy^p^ . 

1. Pield of the Invention 

25 This invention relates , to a computer system including 
a memory and a method for resetting the computer system 
such that pre-existing persistent data stored within the 
computer system is not destroyed by the system reset. 

2. Related Art 

in computer systems, varioujs events can cause the 
computer operating system to "crash,", disabling the 
computer system. An operating system crash is initiated 
for example, when the integrity .of oertain operating 
system data is compromised. Operating system data can be 



-30 
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compromised toy, f or . 

hardware failure LTi ' ?" U,t< ' rnal M " Wa " •"«< » 

»e»ory decay d™ crating ayatem, or rand™ 

5 cells! ^-Particle Interaction with OR*, 

^ er system so that no further 
operations can be e*P«nf** ^ ^ urtner 

» the operating syateTcrtL C °" PU " r — 

reset and aoL or u^tT' °° Wt - r °* st ™ ™« »• 

-puter systan M ^ OPe " ti ° n * ^ 

» it nr^ 1 ^ • ~ — - • 

Bt ' os -Known to those elfin ^ • 

After a hardware reset, all bf^L *" ^ 

hardware is re-initial , A COmpUter Systeo 

* initialized. After a software reset o„w 

the primary memory device e „ . , ' ° nly 

(RAM), which stores the oL^ll'' " aCCMS ™ e,nory 
20 initialized with initi!i T * 8meB dQta is r *" 
values »! . (typically, non-zero) data 

mem^* * ' Ben0ry devi ~" refers to a 

memory devxoe from which the computer system 

» . "seconda^ ^ ^ *- 

unit. After both the hardware^* soft " ' 

PrWy -ory device nust ^1^™' ^ 

^^^^^ ~" ^ 

30 initiate a eyetea reeet J tT 7 »«°«tically 

reset' ^l^^ZrTZZT' ' 
typically initiated by ^imT^T 

«en on again.- User-Lltl S^LT" °" " 
typically initiated -by pushlna . 

3= computer syete.. or iTS.'^T!'^ " ^ 

. e Keys on the keyboard. 



WO 95/12848 PCT/US94/12567 



- 3 - 



For most computer systems, a system reset is 
frequently a relatively b en ign operation that does not 
result ln the destruction of any user data. This is 

5 llZZT" ^ " * St ° red ° n ° ne « «. secondary 

from the primary memory device on which the operating 
system is stored. Thus, even though user data is 
typically initially stored on the primary memory device, 
if the user data has been "permanently" saved to the 
10 secondary memory device, as is frequently the case, 
initiation of a system reset does not destroy user data 

ItZiZ l^ ^ St ° red ° n — y ^vice is 
re-initial i2 ed. Though data in ■ the secondary memory 

device can also be compromised, 'existing recovery L„ e 

15 allows restoration of the integrity of such data 

In contrast, computer systems containing only a 

a *' Con, P uter sterns including only 
20 tZ deVlCe a " deSi " ble the pJJ of 

Z iceT : YStea ±S S±nCe * —ndary memory 

hall " d 8lnCe tJL * ht ~ intention oT 

hardware components is possible because user La Z 
dxrectly available. S 

ng oniy a primary memory device is that a svste* 
reset typically causes all user data to be lost when " e 
operating system data is re-i«^ a n . 
memory deviL t « ! j r ** lltlali ««» on the primary 
memory device, m existing methods for re-inii- 4a n • 
Primary neB ory device after a system res" * 
30 initialization, all of the nrlXTT , * 

Placed on a "free list « *h ^ ^ locatione 
thM a «_ " 6 11St ' The operating system data is 
then stored at anv av&ii»wi~ * 

resulting in the destruction o t the user tote. 
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iig onxy a primary memory device, a system 
and method for re-initiall *l «. , system 

. " initializing the operating system on the 

. zzsjzzt * r- reset - su * ^ - 

*uing prior to the system reset is preserved aft^r 
the system reset. arter 

SUMMARY n F the Twvp^j^ 

or eaSv^T^ SySteB ^ U86S S randon ac ~** ^ory 

id ^^r^ to store ° perating ^ — - 

persxstent data, i.e., any data stored in the memory that 
is designated to be retained after a system reset I 

reset thJ reC ° Vering the P^sistent data after a system 

IS lZllZVi:ZT tBS ~**«-"««- of operating" 
* int ° tte Persistent data as well as 

other data stored within the memory is not destroyed b y 
the system reset. The recovery hoot system according I 
the invention allocates memory during re-initi*i 
the operating system data inJ T initialization of 

2 0 memory allooLJns do nt 2^ IZZ ~ 
allocations made prior to til t P««t-nt data 

data with** -h SyStem reset ' and stores 

aata within the memory such that , 

location* «.k»* ■ data is not stored in 

locations that contain persistent data 

25 invent ^ """^ ^ SySten acc <>^ing to the 

begin running. Memory aUocations are made to recover 
30 t r 8UOCated ~^ is 

unmarked memory lemons I * ! ^ rQmainlng ' 
system is ini^d ' I ~ W " the 

35 associated with a virtual memory address used ly . 
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processor (also part of the computer system) to identify 
the physical memory address of the data and access the 
physical memory location of pie data in the memory. Data 
required for translating the virtual memory addresses of 
5 both operating system data and persistent data to physical 
memory addresses are retained, in one embodiment, through 
the system reset. 

After the system reset> the retained translation data 
are used to map the virtual memory addresses of 
10 fundamental operating system data to physical memory 
addresses. Consequently, after* the system reset, 
fundamental operating system- data is stored in the same 
physical memory locations in the memory as before the 
system reset. Thus, re-initialization of the fundamental 
15 operating system data in the memory does not destroy any . 
of the persistent data stored in the memory. 

After memory allocation for the fundamental operating 
system data, i.e., recovery of the fundamental operating 
system data, the persistent data is recovered. During 
20 normal operation of the computer system, the virtual 
memory addresses of some data stored in the memory are 
tagged to indicate that the data is persistent data. A 
list of tagged virtual memory addresses is stored starting 
at a physical memory address corresponding to a virtual 
25 memory address that is fixed for the operating system. 
After system reset, this virtual memory address, which can 
be "Known" by the processor immediately after the system 
reset or "discovered- by the. processor during recovery of 
the fundamental operating system data, is used to access 
30 the list of tagged virtual memory addresses. The tagged 
virtual memory addresses are used to allocate the 
corresponding physical memory locations in the memory so 
that other data cannot thereafter be stored in those 
memory locations during the recovery boot process. 
35 Subsequently, the recovery boot process can be 

completed using any physicalj memory locations that have 
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not previously been allocated. Since only physical memory 
locations are used that have not been allocated during the 
recovery of the fundamental operating system data and the 
persistent data, persistent data is not destroyed by the 
5 remainder of the recovery boot process. 

An advantage of the system and method according to 
the invention is that persistent data can be recovered 
after a system reset without unduly constraining the usage 
of memory. For example, it is -not necessary, as is the 
10 case of other systems, to specify a region of memory for 
storage of the file system. * Unlike other systems in which 
a pre-defined area is set aside for file system storage, 
i.e., a region in memory of fixed size is allocated only 
for the file system, in the recovery boot system and 
15 method according to the invention, the exact locations and 
sizes of all portions of the file system are determined at 
boot time. Thus, memory fragmentation, i.e., memory space 
allocated for a specific type of data that remains unused 
by data of that type, does riot occur with the recovery 
20 boot system and method of the invention. Consequently, 
the recovery boot system and method according to the 
invention allow a. more dynamic allocation of memory 
between file system data and run time data, such 
flexibility is particularly useful for computer systems 
25 that include an operating system with complex file system 
structures that require a large 1 area of memory for run 
time data storage, since more memory is made available for 
those run time data structures. 

PR3;PP DESCRIPTIOM ftp >p ME DRAWT W « |? 

30 Figure 1 is a block diagram illustrating a computer 
system according to the invention. 

Pigure 2A is a blook diagram of a recovery boot 
process according to an embodiment of the invention. 
Pigure 2B is a block diagram of a recovery boot 
35 process according to another' embodiment of the invention. 
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Figure 3A is a schematic representation of mapping of 
a virtual memory address to a physical memory location 
using paged segmentation according to one embodiment of 
the invention. 

5 Figure 3B is a schematic representation of mapping of 

a virtual memory address to a physical memory location 
using non-paged segmentation according to another 
embodiment of the invention. j 

Figure 4A is a diagram of the data structure of a ROM 
10 for use with the invention. 

Figure 4B is a diagram of a ROM item defined vithin 
the ROM of Figure 4A. 

Figure 4C is a diagram of ah Elf file defined within 
the ROM item of Figure 4B. 
15 Figure 5A is a bloc* diagram of the fundamental 

operating system data initialization step of rigure 2A 
according to an embodiment of the invention. 

Figure SB is a block diagram of the fundamental 
operating system data initialization step of Figure 2A 
20 according to another embodiment of the invention. 

Figure 6 is a block diagram of the persistent region 
recovery step of Figure 2A according to an embodiment of 

fchft ihVAnt-.Hnn. 

,« • ?A iB * blOC)t ******* <* system free list 

25 initialization step of Figure 2A according to an 

embodiment of the invention.* 

Figure 78 is a block diagram of the system free list 

initialization step of Figure 2B according to an 

embodiment of the invention. 

30 pwatwp mmm<m of mm**** n, m -^ m- p 

According to the principles of the invention, a 
computer system that uses a Random access memory or 
equivalent memory to store operating system data and 
"persistent" data (defined below) includes a recovery boot 
35 system that implements a method for recovering the 
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• Persistent data after a system reset that necessitates re- 
initiation of operating system data into the memory 
specifically, the recovery boot system according to the 
invention allocates Memory during re-initialisation of the 
5 operating system data into the memory such that new memory 
allocations do not conflict with persistent data 
allocations made prior to the system reset. 

Herein, -persistent data- is a„y data stored in the 
memory that is designated to be retained after a system 
10 reset. Persistent data typically includes data that is 
generated during use of the computer system that would 
take a significant amount of effort on the part of a user 
of the computer system to recreate, or that probably 
cannot be exactly recreated by the user, m one 
15 embodiment, persistent data includes, for instance, the 

™" 71T ^ and i COntinuou ^ "P**ted during 

use of the computer system. The file system data 
includes, for example, data generated by a user such as 

20 Tt TIT* a W ° rd proc6S8in * application program 

20 or a database created using a database application 
program. 

Each instance of data stored in the memory is 
associated with a virtual memor^ address use d by a 
processor (also part of the. computer system, to identify 
25 and access the physical memory location of the data in the 
-mory. Data reguired for translating the virtual ZoTy 

dk d rr\ Of « b0th ° Perating SySte " dat * P—istent 
data to physical memory addresses are retained through the 

30 translation data are used to map- the virtual memory 

addresses of fundamental operating system data to physical 
memory addresses. The fundamental operating system^ data 
is data that.xs sufficient to allow operation of the 
kernel and code that interfaces the operating system to 

Zt?\TT hardWare * °~~y. -tJ tL system 
reset, the fundamental operating system data is stored in 



BNSDOCID: <WO 9512848A1J_> 



• • • • 

WO 95/12848 PCT/US94/12567 



- 9 - 

III*™**** 1 ** 1 —«* locations as before the system 

H Z'* „! lnCe th6Se PhySiCal aen ° ry lo «*ions the same 
as the p hysl c a i memory locations in which the fundamental 
operating system data was stored prior to the system 
5 reset, re-initialisation of the .fundamental operating 

Z p^vsTaV 0 " ^ ^ ° f ^ S ^ent data. 

The physical memory addresses corresponding to the 
Physical memory locations at vhich the fundamental 

10 ^atT 9 d3ta ^ St ° red « «*- ^ indicate 

10 that those physical memory locations cannot be used to 
store other data. 

in the recovery boot proems of this invention after 
~ny allocation for the fundamental operating system " 
15 d!t!' I?" reC ° Very ° £ the operating system 

o e^tL; lTT ent ^ iS !"™. ^ring noJal 

al^L ! CO " PUter 8ySten ' «» vi ™ al »-"ory 
addresses of some data stored i„ th e memory are ta«L to 

indicate that the data is persistent data. A list If 

tagged virtual memory addresses is stored startino at 

Known by th. or.c.or i^eMauiy ,f t «: rM . t or 

File , "Z"™? „e« 0 ry looa tlo„ s . 

dynamic random access memory, a read Li„ « 
3S r»n*\ ... y eaa onlv memory 

35 (ROM) 103, and other computer circuitry 104. 
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In Figure 1, only the components of computer 
system 100 required to understand the recovery boot system 
and method according to this invention are illustrated 
Those skilled in the art will appreciate that computer 
5 system loo also includes structure for accepting user 
input to computer system 100 such as a keyboard or a pen 
stylus, an output display device such as a back-lighted 
liquid crystal display, and. structure for housing and/or 
supporting each of the components of computer system loo 
10 Additionally, each of the components of computer 

system 100 are interconnected using structure known to 
those skilled in the art. a computer system loo suitable 
for inclusion of the recover^ boot system according to the 
invention is sold by EO inc.; of Mountain View, California 
15 as Model No. 440 or Model No. 880. 

ROM 103 has a data structure discussed more 
completely below, and stores all of the operating system 
data in, i.e., basic instructions for operating 
microprocessor 101, for computer system 100, such as 
20 kernel instructions, instructions for various libraries 
and services, and instructions tor graphics libraries, as 
well as instructions 112 for. the novel recovery boot 

ZZSiT"? ^ t0 ^ inVention - ' ^ting system 
compatible with microprocessor 101 can be used, m one 
25 embodiment, where microprocessor 101 is a Hobbit processor 
available from American Telephone and Telegraph (AT&T) 
the operating system is the PenPoint operating system ' 

12^1 T 66 COrP * *° M 103 al8 ° 8tores applications 

30 ZZT SUCh M W ° rd proce8 * in *' **. communications, and 
jo graphics programs. 

RAM 102 is used during operation of computer 
system 100 to store data that it is desirable to make 
readily accessible to microprocessor 101, e.g., data that 

35 sL! !rr Y U8ed ' ° r read/wit « «** as user data. 
35 some, of the user data stored on RAM 102 is persistent 
data 112, as defined above. 
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During operation, computer system 100 may "crash" for 
any of a number of reasons such as, for instance, an 
internal software error, i.e., corruption of some of the 
data stored on ram 102. often, the operating system is 
5 able to recover from the crash on its own and does not 
require resetting of computer system 100. a crash from 
which the operating system cannot recover may be 
indicated, for instance, by -detection and reporting of an 
error or by the failure of computer system 100 to respond 
10 to user input. When. the operating system cannot recover 
on its own, computer system loo must be reset and RAM 102 
must be re-initiali Z ed with operating system' data ill to a 
state that allows user operation of computer system 100. 
Computer system 100 contains hardware that allows the user 
15 to "manually" reset computer system loo after a crash from 
which the operating system" cannot automatically recover. 

Computer system 100 can be manually reset in two 
ways: hardware reset and software reset (recovery boot). 
A hardware reset causes computer circuitry 104, RAM 102 
20 and certain other hardware, not'shown for clarity in 

Figure l, to be re-initialized. In .particular, RAM 102 is 
re-initialized without regard to the state of RAM 102 
prior to the hardware reset. Hence, all data stored in 
RAM 102 prior to the hardware reset, including persistent 
25 data 112, is lost, a software reset is less drastic. 
RAM 102 is re-initialized, as described below, so as to 
prevent certain important data, i.e., persistent data n 2 , 
from being lost. 

Generally, a software reset is preferred, a hardware 
30 reset is necessitated if the software reset does not 
return computer system loo to a user operable state, a 
hardware reset may also be required, even though the 
software reset "works," i.e., computer system 100 can be 
re-initialized to a user operable state, if, after the 
35 software reset, the persistent data 112 is corrupted to 
the point that the persistent dtka 112 is not usable. 
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in one embodiment of the invention, a hardware reset 
is initiated by depressing a reset button so. that, while 
power remains turned on to. computer system 100, computer 
circuitry 104 and RAM 102 are fully re-initialized. 
5 in one embodiment of the invention, a software reset 

is initiated by depressing the power button for an 
extended period of time, then releasing the power button. 
Any desired length of time can be used and the passage of 
sufficient time can be indicated by, for instance, an 
10 audio signal such as a succession of beeps, m a further 
embodiment, the tone of a succession of beeps changes when 
the power button has been depressed for a sufficient time 
to initiate a software reset. Depression and release of 
the power button as described above each generate an 
15 interrupt so that a software reset is initiated. 

Figure 2A is a block diagram of recovery boot 
process 200 according to an embodiment of this invention. 
Recovery boot process 200 begins with system reset 
steb 205. system reset step 205 includes a user- initiated 
20 software reset, as described" above, immediately after 
initiation of the software reset, certain hardware, such 
as a power controller, a communications port, and a 
display screen, are initialized. One embodiment of a 

25 described ih copending, commonly owned, U.S. Patent 

Application serial mo. T?/m,m entitled "a Power supply 
Circuit for Powering a Portable Computer and an External 
Device from a Single Battery Power Source," by David 
Anthony Chavez, Ron A. Balczewski, and Bernard Jean 

30 Lacroute, filed on the same date as the present 

application, the pertinent disclosure of which is herein 
incorporated by reference. 

RAM 102 is initially unavailable for use by 
microprocessor 101 during system reset step 205 so that 
35 there is no danger of destruction of persistent data 112 
stored i„ ram 102 . as explained in more detail below, as 
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b ^° t i PrOCeSS 200 Presses through the initial 
stages, certain pre-defined locations of rah 102 gradually 
become available for use by microprocessor ioi. 

peisistent data u 2 has been recovered/ a8 



steo '" £Und ^ e " tal system data initialization 

step 210, certain operating, sys tea data, referred to 

10 ^ ttfUndattental opting system data," that are 

!• necessary to enable operation of the Kernel and the m"i 

c2Jr° Vered t0 Pernit a bahlC level ° f oration of 
IZ Z Bte * 10 °* fUndanen tal operating system 

data are stored in ROM 103. 

In one embodiment, at the beginning of fundamental 
X5 operating system data initializatien stcp ^ 

iSLT I" C ° de ' i * 6 " CO<,e that COTt rol S the 

begxn to be processed by nicroprocessor 

l^T 006 " 0 ' m ' " d6 ' SCribed in ^ail Liow 

The boot code includes instructions that, along with Z' 
*nown ROM data structure, allow "discovery.. c^LT 
-*ory locations in rc* X03 that store virtual ^ry 

25 :::::: ;i e ?:::^^ r 

sten o ac mw existent before system reset 

50 re -u>itializ e segment ana tabl antcl 

. . ^ ™ us ' fundamental operatiner 

yst« aat. is store* .t the .„ ^ 

Ration, „ waro Mea ^ m ^ ' 
there* —i„ g that reoovery of the funaa.Lu 
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According to the invention, recovery boot process 200 
recovers persistent data i 12 st A red in hL, i 02 so tLt 
persistent data u 2 is not fay ^ ^ «»t 

s ^££7L°f 102 with operating syste » dat - 

::^r stCe : ::;:r rr r at - «- 

initialisation of the operating system of computer 

is ^ as ^t« ^T L° *S" T" 1M 

inii-iain,. ^ u<1 Tfte system data is 

initially created during the first ini + i,-.- 1- 
15 operating system of , * initialization of the 

-^i opus: rpr :::: - — — 
op -iss^ru r* ° f ,hich is * «- 

operating ! "<>««>™r«>" during f™a»e„t«, l 

d*»f<«< M , tr1 ® 8 ' each region table entry 

defining a region of virtual ^ 

25 table entry include! TiT ^ SP ° Ce ' Each region 

included ^In ^e r ! ° f ***** —«* add — 

whether o^ 2 vil ? ^ " 

real!! rtU91 ffl6BOry Within th« 

region correspond to physical memory locations thl \" 
persistent data 112 tha I Nations that store 

30 reviewed. Por eac^vir^al ^ * - 

Arcer completion of nersifii-.**,* i 

35 step 220, a syste* free 1W ? 

list lftlti-n * • Created in s y steTO «*ee 

iist: initialization step 230. Par 

H . * or e »ch region in the 
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region table, the segment and page table entries 
corresponding to virtual addresses in the region are 
reviewed. Physical memory addresses of physical memory 
locations that are being used are identified and the 
5 system free list is created as a list of the remaining 
physical memory addresses. 

In contrast, in previous methods for re-initializing 
RAM after a software reset,. all of the ram memory 
locations were immediately placed on the system free list 
10 The operating system data was mapped to any available 
physical memory locations within the RAM. Thus, the 
operating system data could be stored in physical memory 
locations that contain user data prior to the system 
reset, thereby destroying the user data. 
15 After system free list initialization step 23 0 is 

completed, the next step in- recovery boot process 200 is 
system start-up step 240. system start-up step 240 
includes, among other things, initialization of 
input/output devices, further initialization of parts of 
20 the operating system kernel, e.g., memory manager and 
memory allocator, and initialization of device drivers. 

After system start-up step 240, the next step in 
recovery boot process 200 is file Byste m recovery 
step 250. In file system recovery step 2So, the data 
25 structure, i.e., file system, that stores information 
regarding the files stored in RAM 102 and ROM 103 is 
recovered. The file system includes information regarding 
the name, location, permission and attributes of each 
file. The file system also includes information regarding 
30 the presence of other volumes or disks. 

Open completion of file system recovery step 250 
computer system loo completes recovery boot process 200 by 
initializing the remaining parts of the operating system 
such as additional libraries anji applications that are 
35 part of the operating system. 
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Figure .2* is a block diagram of recovery boot 
process 260 according to another embodiment of the 
xnventxon. Recovery boot process is similar to recovery 

5 ^eraL° CeSS / 00 "* "~ ™ * 

5 numerals used on Figure 2A. The above description of ' 

steps in process 200 with the same reference numeral as 
the steps in process 260 are incorporated- herein by 
reference. x 

in recovery boot process 260 , fundamental operating 

^i e :iL at :- initiaii2ation 211 an * ^ 

inxtiali 2 atxon step 231 are slightly different than 
fundamental operating system data initialization step 2io 
and system free list initialization step 230, 
respectively, and persistent data recovery 220 is 

15 eliminated. Recovery boot process 260 dif fers tnm 
recovery boot process 20 0 in that fundamental operating 
system data and persistent aata ai that are recov'eTare 
«ot marked as used during recovery boot process 260/ i e 

20 ^LTT? ^ ^ ^ —P°^ing to ' 

ZTZT ;r in9 SyStea *™**Jt ^ta 1M 

are n 0t ked Wften recoverfid ^ 

process 26 0 takes advantage of the fact that <Jing 

ZT^r COB,PUter Sy6teB 100 Pri ° r t0 -y*. "set 
25 ITJI \ fUndamen ^ operating system data and 

CsLr , ^ ^ ln °» *«*°» table as 

Persistent,- i.e., a persistent attribute is -turned on - 
Ourxng system free list initialization 231 , the region 

tT~lt s TTT and **• phyBical Benor * addr — of .11 

30 Vi^uai l ^ re " OVed rr °* th£ *~ lis t. 

from 1 liTT ° f Per8i8tent ^ 112 «• ^ 
from the list of available virtual memory. 

syst.TZl'JT Very ^ Pr ° CeSSeS 200 and 26 ° Eluded a 

rlet col! ^ f^' inClUded * «**~. 

reset. Computer system 100 alsfr can recover fro* a 

35 processor reset in a manner similar to recovery boot 

process 200 or 260. A processor reset is a non-user- 
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initiate* reset, i.e., an automatic reset, that occurs 
when microprocessor 10! attempts to take an exception, and 
the process of taking an exception takes an exception. At 
that point, the only thing microprocessor 101 can do is 
5 reset, m a method according to the invention for 
recovering after a processor reset, microprocessor ioi 
goes through a processor reset state in which 
microprocessor 101 determines whether a hardware or 
software reset is required, and, if a software reset is 
10 required, begins one of recovery boot process 200 or 260. 

In computer system 100, • the segment table and 
. P^e tables are available to microprocessor 101 

shortly after system reset step 205 because the physical 
memory base address of the segment table is "discovered, « 
15 as explained in more detail below, during the initial 

stages of fundamental operating system data initialization 
step 210. Discovery of this physical memory base address 

i^Jl : CC ^ PU6hed either * structuring the operating 
system to store the physical' memory, base address of the 
20 segment table, e.g., at a physical memory address 

identified within the boot data structure, the boot data 
structure having been -discovered" at an earlier stage of 
fundamental operating system data initialization step 2io 

25 ohv^ S r CtUrln9 COnpUter SySte » ^are so that the 
25 physical memory base address of the segment table is 
always known, e.g., by having one of the registers of 
microprocessor 101 store the! Physical memory base address 
or the segment table. 

Recovery boot process 200 takes advantage of the 
30 preservation of the physical memory base address of the 
segment table to, with other tables, re-initial^ 

^112 sLTf ^ belOW ' With ° Ut deStr ° yln * *~^te»t 
data 112 stored. in ram 102 prior to the system reset. The 

segment table and associated page tables are used to 

35 translate virtual memory addresses into physical memory 

addresses of persistent data 112 so that the persistent 
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' Tl^lt'- reSt T d ^ ^ PhySiCSl lo ^ions 
m RAM 102 as used prior to recovery boot 

process 200 or 260. 

5 a physical Memory address space and a virtual memory 

tte IntirT"; T PhySl ° al ******* 

ctntr"^ ! PhySi ° al ne ° 0ry The system 

controller (not shown, associates portions of the physical 

10 r7Tne SPa " Wlth Pa r iCUl - *~ of hardware, 

such o°v ^ Partidular ?* vsic *l »e»ory locations, 
such as ROM aw. RAM 102 or input/output ports („ ot 
shown) . However, not all physical memory addresses 
necessarily. refer to actual physical memory locations, a »d 
more than on* physical memory address can refer to the 

15. same physical memory location. The virtual memory address 

p^tt ^ 6ntire set of virt « al —y IrLts 

Portions of the virtual memory hddress space are 

ZZllT, PartlCUlar of software, either 

dynamically or statically. 

20 and J" T en *° di,Ben1: ' the vir *"* »a»ory address space 
The s t! t PhySACal T add « BS are the sane sLI. 

^th!n ° f ^ Stea 100 ac — stored 

lc™ ua T dWare ° £ COBPUter SyStea 100 bv translating 
2S ST addresses to P^ical m e»ory 

25 addresses and accessing the data stored at the 
corresponding physical memorl location. 

virtue 6 ^ ^ * SChefflatic "Presentation of mapping of 
virtual memory address 300 to physical memory 

30 serrrj 31 " 3 ^ PhySi< = al T ™° 330 using paged 
^St^LT^ 1 "" t0 ~ 6ab0dW ° f "Lion. 

cfiet 8e9nent tabie °" set 301 < **** 
35 oflTL 1 ? 1 ? 8 (blts 22 ttBoJ ^ 

offset o inTf 8 10 bltS ' (bit6 " 21) ' - d ^ 

offset 303 includes 12 bits (bits 0 through U) . It is to 
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be understood that virtual memory address 300 could be 
one two, eight or some other number of bytes long, and 
that segment table offset 301, page table offset 302 and 
page offset 303 can include any desired number of bits 
5 segment table 310, page table 320 and n&aQry page ^ 

are used by computer system 100 in translation of virtual 
memory address 300 to physical memory location 331-3 
Each of segment table 310 and page table 320 are 
themselves a memory page, segment table 310, page 
10 table 320 and memory page 330 each include 1000 four byte 
word*. i„ segment table 310, each word is one of the 
segment table entries 311-1 through 3U-N. m page 
table 320, each word is one of the page table entries 

i 5 of tLTT ? ai ""' In ttenory page 33 °' each ™* is «- 

° f tte Physical memory locations 331-1 through 331-n 

Herein, "word" refers to the primary unit of 
information used by microprocessor 101. it is to be 
understood that the computer' system, and method according 
to the invention are equally applicable to computer 
20 systems having a segment table, page tables and memory 

' * f f erent nuBber of ^ * ~* - * 

addresser ^ inClUd6S ^sical — «Y 

25 iZZill \ Tl reSi0 " 3 " inClUdeS P^iBsion aid 

! ^ ° f ° ther table . 

pwlai t 3U " 3 311 " N 8i » ila ^ include a 

Physical memory location, and permission and read/write 
attributes. Likewise ^...v, ' tiW 

• t»hv«<„ a i ^iKewise, page table entry 321-4 includes 

Physical memory address 322, and a region 323 that 
30 includes permission and read/write attributes. Bach of 
the other page table entries 321-1 through 311-3 and 321 B 
through 321-K similarly include a physical memory * 
location, and permission and read/write attributes. The 

35 zizt: attrlbutee in regiens 313 **"'» 

35 whether the segment table entry 311-2 and page table 
entry 321-4, respectively, have been written to or read 
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from. The permission attributes in regions 313 and 323 
indicate whether the segment table entry 311-2 and page 
table entry 321-4, respectively, are protected at kernel 
level or user level. 
5 Though not shown, there are a plurality of page 

tables, e.g. , page table 320. The physical memory address 
in each segment table entry, e.g., physical memory 
address 312 in segment table! entry 311-2, is a physical 
memory base address of one of the page tables, e.g., 
10 physical memory base address 324 of page table 320. 

Likewise, there are a plurality of memory pages, 
e.g., memory page 330. The physical memory address in 
each page table entry, e.g., physical memory address 322 
in page table entry 321-4, is a physical memory base 
15 address of one of the memory pages, e.g., physical memory 
base address 334 of memory pagej 330. 

Translation of virtual jnemory address 300 to physical 
memory location 331-3 occurs as follows. Segment table 
offset 301 in virtual memory address 300 is combined with 
20 physical memory base address 314 of segment table 310 to 
yield physical memory address 3 is of segment table entry 
.311*2, Physical memory address 312 in segment table entry 
311-2 specifies the physical memory base address 324 of 
page table 320. 

25 p ag e table offset 302 jjn virtual memory address 300 

is combined with physical memory base address 324 to yield 
physical memory address 325 of page table entry 321-4. 
Physical memory address 322 in page table entry 321-4 
specifies physical memory base address 334 of memory 

30 page 330. Page offset 303 in virtual memory address 300 
is combined with physical memory base address 334 to yield 
Physical memory address 335 of iphysical memory 
location 331-3. 

' Figure 3B is a schematic representation of mapping of 
35 virtual memory address 340 to physical memory 

location 361-2 using non-paged segmentation according to 
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another embodiment of the invention. Virtual memory 
address 340 is four bytes long and includes segment table 
offset 341 and segment offset 342. segment table 
offset 341 includes 10 bits (bits 22 through 31) and 
5 segment offset 342 includes 22 bits (bits o through 21) . 
As above, virtual memory address 340 can be other than 
four bytes long, and segment table offset 341 and segment 
offset 341 can include any number of bits. 

Translation of virtual jmory address 340 to physical 
10 memory location 361-2 occurs as .follows. Segment table 
offset 341 in virtual memory address 340 is combined with 
physical memory base address 3X4 of segment table 310 to 
yield physical memory address 3S5 of segment table entry 
311-4. Physical memory address 352 in segment table entry 
15 311-4 specifies physical memory base address 364 of 
segment 360. Segment offset 34^ in virtual memory 
address 340 is combined with physical memory base 
address 364 to yield physical memory address 365 of 
physical memory location 361-2. 
20 Each segment table entry 311-1 through 311-N includes 

in region 313 or 353 a bit which indicates whether the 
Physical memory address, e.g., physical memory address 312 
or 352, in segment table entry 311-1 through 311-n points 
to a page table (paged segmentation) or to a segment (non- 
25 paged segmentation) . i„ onej embodiment, only paged 
segmentation is used by recovery boot process 200 for 
translation of virtual memory addresses to physical memory 
locations. 



1 / e6crlbed **>ve, a portion of RAM 102 must be 

30 initialized with fundamental operating system data from 
ROM 103 in fundamental operating system data 
initialization step 210 before persistent data 112 can be 
recovered in persistent region recovery step 220. To 
begin fundamental operating system data initialization 
35 step 210, microprocessor 101 accesses a predetermined 
memory location in ROM 103 which, in turn, enables access 
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to a memory location or locations in ROM 103 which store 
mapping information, i.e., information matching physical 
memory addresses in ROM 103 to virtual memory addresses, 
for the data stored on ROM 103. This mapping information 
5 is used to re-initialize segment table and page table 
entries' for fundamental operating system data stored on 
ROM 103, 

In one embodiment, each re-initialized segment table 
and page table entry is marked to indicate that the 

10 particular physical page or pages corresponding to that 
entry are no longer available, i.e., future allocations of 
data cannot be made to these physical memory locations. 
Thus, the mappings of fundamental operating system data 
that existed before the system reset are preserved after 

15 the system reset through use ofj the information in 

ROM 103. Consequently, no fundamental operating system 
data is mapped to a physical memory location that contains 
persistent data 112 so that no persistent data 112 can be 
destroyed by the fundamental operating system data 

20 initialization step 210. Persistent data 112 can then be 
recovered during persistent data recovery step 220. 
Subsequent to persistent data recovery step 220, the 
remainder of recovery boot process 200 can proceed without 
. regard to the particular mappings of data to physical 

2 5. memory locations. 

Figure 4A is a diagram of the data structure of 
RpM 410. ROM 410 includes ROM data header 411, map 
table 412, and ROM items 413*1 through 413-N. Hereafter, 
ROM items 413-1 through 413-N are designated collectively 

30 by the numeral 413; particular ROM items are designated as 
one of ROM items 413-1 through 413-N, e.g., ROM item 
413-1. ROM data header 411 includes, among other things, 
the beginning physical memory address of map table 412 in 
ROM 103, the number of entries in map table 412, the 

35 beginning physical memory address of the first ROM 
item 413-1 and the number of ROM items 413. 
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Figure SA is a block diagram of fundamental operating 
system data initialization 210 according to an embodiment 
of the invention, m sys te» reset step 205, a program 
counter of microprocessor 101 is set to zero so that 
5 microprocessor 101 knows to access the beginning data (for 
the Hobbit microprocessor, the first six bytes) in ROM 
data header 411. The physical memory address of ROM data 
header 411 is hard-wired inti microprocessor 101 so that 
microprocessor 101 always Knows where to locate ROM data 
10 header 411. 

As shown instep 501, microprocessor 101 locates and 
accesses ROM data header 411. Microprocessor 101 is 
instructed to jump to a ROM physical memory address which 
marks the beginning of boot code for controlling recovery 
15 boot process 200. Appendix A i* a computer program 
listing of boot code for use. in one embodiment of this 
invention. The boot code is written in the C computer 
language and Hobbit assembly language for an AT&T 92000 
family set of computer chips including a Hobbit processor 
20 and ASIC chip set. The boot code is executed by 

microprocessor 101 by directly accessing the physical 
memory addresses of the boot code, i.e., translation of 
virtual addresses using the segment table and page tables 
is not necessary. 

25 Among other things, the boot code looks at a register 

of microprocessor 101 to determine if system reset 
step 206 is a hardware or software reset. As noted above, 
recovery boot process 200 takes place only if a software 

,n T be6 " initiated * » a "*tware reset has been 

30 initiated, this microprocessor register indicates the 

Physical memory base address of the segment table, an 

important piece of information ihat is used later in 

recovery boot process 200. 

Hear the end of execution of the boot code, the boot 
35 code instructs microprocessor 101 to access ROM data 

neader 411 again. Microprocessor 101 retrieves the 
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map table 412, as 6hown in ^ 5Q2 ^ ^ ^ 
includes a series of map table entries. Bach map table 
entry includes: (i) information indicating the type of 
5 data, i e., executable image of code, read-only data or 
read/write data, referred to by the map table entry, (ii) 

permission bits for the data * « ^ , 

roraie aata » e «9., kernel or user access 

*™Tn\ / ? instructl0M ^er copy the data from 
ROM 103 to RAM 102 and map the data from SAM 102 to 
10 virtual addresses, or map the data directly from ROM 103 
to virtual addresses, <iv, a virtual memory address offset 
and a virtual memory address length, and (v) a ROM offset 
and a ROM address length. ««6et 

15 man 5 ° 3 ' ^° process °r ^ accesses the first 

15 map table entry, m step 504, a determination is made as 
to whether a ROM mapping or a RAM mapping is to be made 
is to °™ ^° diBent <* the invention, if a ROM mapping 
man . n,1Cr ° processor 10 * — • each of one or more 

«p t«u entries to map all of the data stored in ROM 103 
20 to a corresponding set of virtual addresses, m another 
embodiment of the invenrl nn .< "noun* 
„f ™. invention, microprocessor 101 uses each 

^" 0r ° ~ P table t0 M » **» £ ™ «- or 

25 ZT T 10 " ,ap *">°»«"<H operate, 

25, system data from Rom 103. 

virtu!! 1 5< "' VirtUal "T «*'*— *>d 

virtual memory address length m Mp ^ 

30 £ It IT*** - ty "" P t,bl « «»'■*• ». XOM offset 

oete^ 1 "" th ta ■» " b1 ' «*«» «. used to 

^termin. a range of physical memory addresses in kom 103 
of th. data described hy the. map f hi. entry. Us l n , Z 
determined virtual memory address rang, anTphysioa! 
memory address range, the eeg^nt tahl. and page tahl. 
» entrlea corresponding to thee, data are initialized. This 
aOTe eVS " *»"•< Really, each of the segment table 
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and page table entries that map ROM data from the virtual 
memory address space to the physical memory .address space 
already exist. Re-initialization ensures that any 
corrupted entries in the segment table and/or page tables 
5 are corrected, and allows the opportunity to reset 
permission bits, e.g., data protected at kernel or user 
level, in the segment table knd/or page table entries. 

If, in step 504, it is' determined that a ram mapping 

is to be made, i ections of data stored in ROM 103 

10 are to be copied to RAM 102, in step 505, microprocessor 
101 accesses the physical memory location in ROM 103 
corresponding to the beginning physical memory address 
gxven by the ROM offset. The ROM address length indicates 
the number of physical memory addresses, i.e., amount of 
15 data, from which data are to. be copied to RAM 102. The 
virtual memory address offset and virtual memory address 
length in the map table entry are used to determine a 
range of virtual memory addresses corresponding to the 
data to be copied from ROM 103. The amount of data copied 
20 from ROM 103 can be equal to or less than the magnitude of 
the virtual memory address range. The data to be copied 
can be either an executable .image of code, read-only data 
or read/write data. 

As shown in step 506, data is copied from ROM 103 to 
25 RAM 102 and mapped fromRAM 102 to virtual addresses. The 
segment table and page tables in RAM 102 are used to 
determine corresponding physical memory addresses, i.e., 
Physical memory locations in RAM 102, for each of the 
virtual memory addresses. At this point, the mapping and 
30 copying can be done in any ord^r. Moving sequentially 
through the data in ROM 103, microprocessor id copies 
each piece of data to a physical memory location 
corresponding to the physical memory address translated 
from the virtual memory address that corresponds to the 
35 piece of data being copied. 



BNSOOOD: <WO_9S12848Alj_> 



WO 95/12848 PCT/US94/12567 



- 26 - 

The data in Ram 102 are also napped to- virtual 
addresses, i.e., the corresponding segment and page table 
entries are initialized. The physical addresses in 
RAM 102 are used, along with the corresponding virtual 
5 addresses, to initialize the segment table and page 
tables. This is done, even though each of the segment 
table and page table entries, must already exist, so that 
permission bits can be reset' for each of the segment table 
and page table entries. 
10 Since the segment table and page table entries used 

to determine the physical memory addresses in RAM 102 at' 
which to copy data from ROM 103 are the same as the 
entries existing prior to system reset step 205, the data 

15 in Z III ^ r red ^ ^ ~* PhySiCSl ^ y ^cations 
15 m RAM 102 as before the system reset, so that no 

Persistent data 112 are inadvertently destroyed. Unlike 
the direct mapping of data from ROM 103 (step 507) 

ZZ^l r h f ta ^ t0 "» 102 — itatls that 

segment table and page table entries for the data be 
20 uncorrupted - . * 

The physical memory pages of RAM 102 to which 
fundamental operating syste* data has been copied are 
removed from the system free list during system free list 

25 £ T I H b7 CheCkln * » "* ion 

25 described in more detail below, and removing the pages 

after determining that the pages are marked ae persistent 
in the region table, as also described* in more detail 
below. * 

30 st.« ^° r f n ? t0 °" e enbodlBent o* «>e invention, in 
30 step 510, during mapping of dat£ from RAM 102 to virtual 
add, , blt in eac , of tabie ^virtual 

table entries is marked to indicate that the corresponding 
Physical memory location has been used. The marked 
35 IT^T ^ "7 ellminated f ™» «» ^tem free list 

STSLSTS inltialiZati ° n St «» "0, discussed 

in detail below. This embodiment, of fundamental operating 
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system data initialization step 210 is used in recovery 
boot process 200 illustrated in Figure 2A. 

According to another embodiment of the invention, the 
segment table and page table entries are not marked, i.e.,- 
5 step 510 is eliminated from the method. The physical 
memory pages of bam 102 to which fundamental operating 
system data has been copied frre removed from the system 
free list during system free list initialization step 231 
(Figure 2B) by checking a region table, described in more 
10 detail below, and removing the pages after determining 
that the pages are marked as persistent in the region 
table, as also described in more detail below. This 
embodiment is designated as fundamental operating system 
data initialization step 211 in recovery boot process 260 
15 of illustrated in Figure 2B.. 

As shown in step 508, a determination is made as to 
whether the last map table entry has been processed, if 
not, the next map table entry is acessed (step 503) and 
either a ROM mapping or ram mapping (block 504) is carried 
20 out by microprocessor 101 as described above, if the last 
map table entry has been accessed, then the recovery boot 
process continues,.. as shown in step 508. 

Figure SB is a block diagram of the fundamental 
operating system data initialization step 210 according to 
25 another embodiment of the invention. Otoe data structure 
of ROM 103 is the same for each of the embodiments of 
fundamental operating system data initialization step 210 
shown in Figures 5A and 5B, respectively. 

As in the embodiment of step 210 illustrated in 
30 Figure 5A, in step 501, ROM da«a header 411 in ROM 103 is 
located and accessed.. Boot. code execution is initiated 
and, during execution of the boot code, ROM data 
header 411 is accessed again to determine the location of 
aap table 412. 

35 in step 502, map table 512 is located and accessed. 

Map table 412 includes map table entries, each map table 
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entry including information as discussed above with 
respect to Figure Sk. 

In step 511, the map table entries are used to map 
data as described above with respect to steps 505, 506 and 
5 507 of Figure 5A. After- all of the map table entries have 
been used to map data, the boot code instructs 
microprocessor 101 to access ROM data header 411. 
Microprocessor 101 accesses ROM data header 4ii to 
determine the beginning physical memory address of the 
10 first ROM item 413-1. 

Jn.step 512, microprocessor 101 accesses the 
beginning physical memory location of ROM item 413-1. if 
data from ROM item 413-1 is to be initialized, based upon 
a determination described in more detail below and shown 
15 in step 513, microprocessor- 101 initializes all data from 
first ROM item 413-1, a8 a i so described in more detail 
below and shown in steps 514 and 515. Whether or not the 
data. from first ROM item 413-ivas initialized, 
microprocessor 101 then moves to the physical location in 
20 ROM 103 at which the second ROM item 413-2 begins. The 
location of the start of the second ROM item 413-2 is 
known because second ROM it*a 413-2 begins at the physical 
memory address in ROM 103 immediately after the last 
Physical memory address of ROM item 413-1. if indicated, 
25 microprocessor 10* initializes all data from second ROM 
item 413-2. Microprocessor 101 then continues to 
successively initialize data from ROM items 413, as 
appropriate, as described above, until the last ROM 
item 413-N is checked, as shown in step 517. when the 
30 last ROM item 413-N has been checked, the recovery boot 
process continues, as shown, in step 51$. 

To assist in understanding steps 514 and 515 of this 
embodiment of fundamental operating system initialization 
step 210, the structure of ROM items 413 is first 
35 explained. Figure 4B is a diagram of a ROM item 413-1. 
Each of ROM items 413 has the same structure as described 



WO 95/12848 



PCT/US94/12567 



- 29 - 

below for ROM item 413-1. in one embodiment of the 
invention. ROM item 413-1 includes ROM item header 414, 
ROM item namespace 415, ROM item attributes 416 and ROM 
item data 417. ROM item header 414 includes a ROM item 
5 namespace offset, a ROM item namespace sire, a ROM item 
attributes offset, a ROM ijm attributes size, a ROM item 
data offset, a ROM item data size, and several flags. 
Each of the offsets specify a beginning physical memory 
address in ROM 103 of the corresponding part of ROM 
10 item 413-1. Each of the sizes define the ending physical 
memory address in ROM 103 of the corresponding part of ROM 
item 413-1. 

in another embodiment of the invention, the ROM item 
header 414 of each ROM item 4I3 includes the size of the 
15 ROM item 413. However, this information is not necessary 
to implement the invention'. 

The flags in ROM item header 414 indicate permission 
attributes of ROM item 413, i.e., whether ROM item 413 is 
part of the operating system kernel or a user item, and 
20 whether ROM item 413 must be initialized at boot time. 
This latter attribute is the most important for purposes 
of recovery boot process 2bo because it indicates whether 
ROM item 413 is to be initialized during fundamental 
operating system data initialization step 210. 
2S ROM item namespace 415 stores the name of ROM 

item 413-1. The name of the ROM item is the path name 
that a user would use to specify the location of the 
program, i.e., ROM item data 417, that is stored in ROM 
item 413-1. This path name enables the program stored in 
30 ROM item 413-1 to be properljj located within the file 
system of computer system xoo during file system recovery 
step 250, discussed in more detail below. 

ROM item attributes 416 inolude information about 
characteristics of RDM item 413 such as whether ROM 
35 item 413 is initialized at boot tima, whether ROM item 413 
as a kernel or user item, whether ROM item 413 is a 
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machine specific item, and whether ROM item 413 is a file 
or not. 

ROM item data 417 includes, among other things 
described in more detail below, the data constituting the 
5 program stored in ROM item 413. ROM item data 4i7 is also 
known as an Elf file. The structure of Elf file' 4 17 is 
defined in Unix™ System V, Release 4 Programmer's Guide: 
ANSI c and Programming Support Tools, Chapter 13. 
During fundamental operating system data 
10 initialization step 2io, for each ROM item 413, the 
appropriate flag in ROM item header 414 is checked in 
step 513 (Figure 5B) to see if ROM item 413 requires 
initialization. If rom item 413 does not require 
initialization, the ROM item data offset and ROM item data 
15 s l2e are used to determine the ending location of ROM 

item 413 in ROM 103 and, therefore, the beginning location 
of the next ROM item 413 in ROM 103, so that the next ROM 
item 413 can be checked to determine whether that ROM 
item 413 is to be initialized. If ROM item 413 requires 
20 initialization, Elf file 417, i.e., ROM item data, is 

examined to proceed with fundamental operating system data 
initialization step 210. 

Figure 4C is a diagram of Elf file 417. Elf file 417 
includes Elf file header 418, program header table 419, 
25 executable image of code 420. [read-only data 421 and 

read/write data 422. Elf file' header 418 includes, among 
other things, a program header table offset, which 
indicates the beginning physical memory address in ROM 103 
of program header table 419, and the number of program 
30 headers in program header table 419. Prooram header 
table 419 includes a program header for each section of. 
data ("program") in Elf file 417,, i.e., executable image 
of code 420, read-only data 421 and read/write data 422 
Read/write data 422 must be copied to RAM 102. Executable 
35 amage of code 420 and read-only data 421 may be copied to 
RAM 102. Though, in Figure 4C, only one section of 
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executable image of code 420, read-only data 421 and 
read/write data 422 are shown in Elf file 417, it is to be 
understood that an Elf file 417 oan include more than one 
section of executable image of code 420, read-only 
S data 421 and/or read/write data 422. 

Each program header includes, among other things, a 
flag that indicates whether the program is executable 
image of code 420, read-only data 421 or read/write 
data 422. Each program header also includes: (i) a 
10 program offset that indicates the beginning physical 
memory address in ROM 103 of the program, and (ii) a 
program size that, together with the program offset, 
defines the ending physical fliemory address in ROM 103 of 
the program. The program of f set and size define the 
15 physical memory location of the program in ROM 103. Each ' 
program header further includes a beginning virtual memory 
address and a virtual program size that defines an ending 
virtual memory address for the program. The beginning 
virtual memory address and virtual program size define the 
20 range of virtual memory addresses at which the program is 
located. 

As shown in step 614 > for each Elf file 417 that 
contains data requiring initialization during fundamental 
operating system data initialization step 210, 

25 microprocessor ioi uses the physical memory address range 
and the virtual memory address range specified in the 
program header for each program to initialize the segment 
table and page table entries corresponding to data to be 
mapped from ROM 103 to virtual addresses, e.g., read-only 

30 data 421, as explained above with respect to step 503 of 
Figure 5A and incorporated herein by reference. Likewise, 
in step 515, data to be copied to RAM 102 is copied into 
RAM 102 and the data mapped from" RAM 102 to virtual 
addresses, as described above with respect to step 506 of 

35 Figure 5A and incorporated herein by reference. 
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data iL« T " nb0din,ent ° f *»1 operating system 

^JZ " n ^ 210 illU6 ^ated ^ Figure at, in 
a further eminent of the embodiment of fundamental 
operating system data initialization step 210 illustrated 
T LT G ^ St6P 516 - f ° r each Piece of -t. copied 
l°r^ t I T Segment ^ P ^ table -tries are 

location has been used. - This embodiment is used in 
recovery boot process 200 illustrated in Figure 2A m a 
10 further embodiment, the segment table and plgTtabie 

21 T ^ aarked ' i - S " StSP 516 " ****** fro* 
the ^embodiment of fundamental operating system data 

initialization step 210 ill^trated in figure 5B, This 

» %?Z lT d±ment 18 -* in r — — ~ - 

After fundamental operating system data 
initialization, step 210, the operating system kernel of 
computer system 100 can run. once the operating system 

20 tawe is"" ""'^ VlrtUal of the region 

rea I a ~ essible « ™* virtual memory location of the 

paTLbl " tranSlatCd ' USing thS "^-t table and 
page tables, into a physifcai memory address so that 

table Pr T S ° r ^ thC C ° ntentS «* * h « ^ion 

25 whir " g taWe indicat -' «»ong other things, 

25 whether a particular virtual memory address or range of . 
virtual memory addresses store persistent data 112. Using 
these virtual memory addresses, the segment table or page 
table entries, as appropriate, corresponding to virtual 

30 ITZ addreSSeS ° f data 112 ™' * one 

30 embodiment, marked as ue«d nv« * , 

system data above so ZTt\l \ fundamental operating 

cor , tteh „ ° ' S ° that the Physical memory addresses 

ZZ T * PerGiEtent dat * ™ -n be removed 

from the system free list during the system free list 
initialization step 230* 



BNSDOCID: <WO 95 1 2848A1 J_> 



WO 95/12848 PCT/USM/12367 



- 33 - 

. lm ItT™ ' iS ° dia * ra " ° f region recovery 

i ! " °° atal - In | ° M of the invention 

«>« aegment table and p.g e table*. In , 

^ttT' ^ ,ht0,, *- "-"ing system 

•ureUea by so corp. operate, on an at&t Hobbit 
^croproceseor, the begin^ OI ^ 
looatao at a virtual .dare., a^a to EOSOOOOOH . 

In another embodiment, the vi»+,i,i 

zrrrs .7^ :rr r ti8 ° in - m j - 

20 cote. y of ■«»»"«» of the boot 



15 



Bach region, i.e., a co„tigu OM block of virtual 
i« repreeent^ bf a region table entry TZl 

— 1~ ta st .p «,3 to aeclLVt^e reglT ^ 

». ^Line, above, "J* £ " T, " 

operating syate. of ^ter aya^tJt ^" 
operation of computer systen l00 " dUri ° 9 n °™' 1 

3, table entry is ^ ^ .ely"^^ ^ 
— - latent. proceaaing^V oT^ " 
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to step .604. in step 604, the virtual aeaory address 
range of the region is ascertained from the region table 
entry. 

After step 604, in step 60S, the virtual memory base 
5 address of the first virtual page in the virtual memory 
address range is ascertained, m step 606, the virtual 
memory base address of the virtual page is translated to a 
Physical memory address using the segment table and page 
tables. 

10 After translation of the virtual memory address to 

the physical memory address, in step 607, the 
corresponding segment table entry is checked to see if the 
segment table entry is marked, if the segment table entry 
x. not marked, then, in'step 608, the segment table entry 
15 is aarked. Referring to Figure 3A, the segment table 
entry, e.g., segment table entry 3li- 2 , is marked by 
appropriately setting one of the bits of region 313. 

Once the segment table entry is either marked 
(steps 607 and 608) or determined to have been previously 
20 marked (step 607), in step 609, the page table entry in 
the appropriate-page ta*le is aarked. Referring to 
Figure 3A, the page tab*e entry, e.g., page table 
entry 321-4, is marked by appropriately setting one of the 

25 table entries of each virtual page within a region that 
stores persistent data, the physical memory base address 
of each physical page storing persistent data 112 is 
marked so that the physical memory base address can later 

30 Usl'lZS ?°\?° SySteJf " e liSt ****** ^e m free 
30 list initialization step 230. 

After each page is marked 'in toe page table 

(step 609) , in step 610, a determination is made as to 

whether the end of the virtual memory address range for 

the region being processed has been reached, if the end 

35 of the range has not been reached, then the virtual memory 

base address of the next virtual page is determined 
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(step 60S), the virtual memory base address is translated 
to a physical mercery base address (step 606) , and the 
associated segment and page table entries are marked 
(steps 607, 608 and 609), as described above, if the end 
5 of the range has been reached, then the next region table 
entry is retrieved (step 602) and examined to determine 
whether the region includes persistent data (step 603). 
All region table entries are checked in the manner 
described, all persistent data 112 is identified and the 
10 segment table and page table entries (i.e., physical 
memory addresses) corresponding to persistent data are 
marked. When persistent region recovery step 220 is 
complete, the system free' list can be initialized. 

Figure 7A is a block diagram of system free list 
15 initialization step 230 of Figure 2A according to an 
embodiment of the invention. At any given time during 
operation of computer system loo, the system free list 
includes all physical pages of memory that have not yet 
been allocated, i.e., physical memory locations at which 
20 data has not been stored. 

During the first Initialization of the operating 
system of computer system 100, a physical memory page is 
allocated for the system free list and marked as 
persistent. Thus, during the persistent region recovery 
25 step 220 of recovery -boot process 200, the physical memory 
Page at which the system free list is stored is recovered. 
This page is used to store the new system free list 
generated during recovery boot process 200 by the system 
free list initialization step, it is necessary to 
30 allocate the same physical page for the system free list 
to ensure that persistent data xi 2 is not overwritten by 
allocation of a physical page for the system free list. 

To begin system free list initialization step 230, in 
step 701, all physical pages of memory, including those 
35 previously allocated during recovery boot process 200, 
i.e., pages allocated during fundamental operating system 
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data initialization step 210- and persistent data recovery 
step 220, are added to the system free list. 

In step 702, the region table is located and 
accessed, m step 703. the first region table entry is 
5 accessed. 

As discussed above with respect to Figure 6/ each 
region table entry identifies a range of virtual memory 
addresses, in step 704, the beginning virtual memory 
address of each virtual memory page is accessed, m 
10 step 705, the segment table and page table entries 

corresponding to the beginning virtual memory address are 
checked to see if the envies are marked to indicate that 

memory page has been allocated, 
m V ^ PhySlcal Page has allocated, in step 706, 

IS the physical page is removed from the system free list. • 
in step 707, a determination is made as to whether the 
last virtual page in the region has been checked, if the 
last virtual page has not been checked, then the next 
virtual page in the region is accessed (step 704) and 
20 checked to see if the corresponding physical page has been 
allocated, if the la^t virtual page in the region has 
been checked, then, in step 708, a determination is made 
as to whether the region table entry being processed is 
the last region table entry, if the region table entry is 
25 the last region table entry, then the recovery boot 

process continues, if the region table entry is not the 
last region table entry, then the next region table entry 
is accessed (step 703) a^ described above. 

If, at step 70S, it is determined that the physical 
30 page has not been allocated, .then the physical page is not 
removed from the system free list, a determination is 
made as to whether the last page in the region has been 
reached (step 707) and, if appropriate, whether the region 
table entry being processed is the last region table entry 
35 (step 708), and processing of region table entries and 
virtual pages continues as described above. Each region 
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is checked for allocated pages, and all allocated pages 
are removed from the system free list. 

Figure 7B is a block diagram of system free list 
initialization step 2*1 D f Figure 2B according to an 
5 embodiment of the invention. In steps 70!, 702 and 703 
every physical memory! page is added to system free list' 
and the first region table entry of the region table is ' 
accessed. 

3 n >, J* Step "** region table is *Y 

10 checking the persistent attribute of the region table 
entry, to determine if the persistent data is stored at 
the physical memory locations corresponding to the region. 
If persistent data is. not stored, the next region table 
entry is accessed (step 703)'. If persistent data is 
15 stored, in step 712, the beginning virtual memory address 
of each virtual memory page in the region is translated to 
the beginnxng physical memory address of the corresponding 
physical memory page, and the physical memory page is 
removed from the system free list. 
20 i„ step 708 , a determination is made as to whether 

the region table entry is the last region table entry, if 
not, then the next region table entry is accessed 

(Zl Z\ an " CheCked ^ - Patent data 

25 process continues. 



Since the region table includes only virtual 
addresses that have been allocated during previous 

tatT! tX ?? T C ° nPUter mS V m 10 °' 5cannin * ^ «gio» 

30 i S , CheCki ^ ° f VlrtUal add — -hich 

HTnl i :. aS60Ciated: Howe ver , ln another embodiment of 
the invention, all segment and page table entries are 

htsT t0 * eterroine " «- corresponding physical page 
from the system free list. 

35 list zzt la r region has ^ exaained < *y*** 

list initialization step 230 is complete. The remaining 
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physical memory pages in the free list - those that have 
not been removed during system free list initialization 
step 230 - have not been allocated and are free to be used 
to store any data without possibility of destroying 
5 persistent data 112. This i* because, up to the point of 
system free list initialization step 230, no physical 
memory pages were allocated without making the allocation 
based upon the virtual memory map, i.e., tne aegment table 
and page table entries/ existing prior to the system reset 
10 step 205. i„ other words, fundamental operating system 
data initialization step 210 and persistent region 
recovery step 220 lock out physical memory locations from 
the system free list so that- these locations cannot later 
be used to store other data that would destroy the 
15 fundamental operating system data or, in particular, the 
persistent data U2. once system free list initialization 
step 230 is complete, the remainder of recovery boot 
process 200 can proceed without fear of . destroying 
persistent data 112. 

20 After system free list initialization step 230, 

system start-up step 240 is performed, as discussed in 
more detail above with respect to Figure 2. once system 
start-up 240 is complete, file system recovery step 250 
takes place. 

25 The file system' is a set of data structures that 

describe a name-space and data that's contained within 
that name-space. The file system includes information for 
each of the files, such as the state of the file, whether 
the file is opened or closed. 1 whether the file has been 

30 written to, permission attributes, and whether the file is 
write-protected or not. 

The first time that the file system is initialized, a 
heap is created. A heap pointer is stored in the boot 
data structure. The file system is initialized from 

35 ROM 103 by scanning all ROM items 413 in ROM 103 and 

marking all items that have a file name. Elements in the 
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heap are used to record file -system structures for 
potentially allocating new heap entities and for pointing 
bade into the ROM so that it looks like the file system is 
composed only of a- set of ROH files. 
S over time, new files are allocated or deleted. New 

files are allocated either from the heap, or directly from 
a memory allocator that is part of computer system 100 and 
the files referenced within .the heap. RAM files are 
marked persistent when they are allocated. Piles which 
10 were initialized from ROM 103 can be deleted or modified 
by copying the file into RAM 102 and then putting the file 
back into the file system, i.e. / using the same mechanism 
as creating a file originally in RAM. Consequently, the 
physical memory locations allocated for these «new« files 
IS are also marked as persistent data 112. 

in file system recovery step 250, the file system is 
recovered by retrieving the heap pointer from the boot 
data so that microprocessor 101 can locate files in the 
file system once again. After file system recovery 
20 step 250, recovery boot process continues by initializing 
any remaining operating system data (not shown) . 

Various embodiments of the invention have been 
described. The descriptions are intended to be 
illustrative, not limitative. Thus, it will be apparent 
25 to one skilled in the art that certain modifications may 
be made to the invention as described without departing 
from the scope of the claims set out below. 
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We claim: 

1. In a computer system including a microprocessor 
and a memory storing persistent data, a method for 
recovery contents of the mesory, after a system reset, to 

5 a state that allows user control of the operation of the 
microprocessor, the method comprising the steps of: 

recovering a portion of fundamental operating 
system data such that said portion of fundamental 
operating system data is stored within the memory in 
10 locations different from locations that stored 

persistent data prior to tjhe recovery; and 
recovering the persistent data. 

2. A method as in claim i, wherein: 
each location in the memory at which data is 

stored is identified by a virtual memory address; and 

the step of recovering fundamental operating 
system data further comprises: 

retaining, after the system reset, the 
virtual. memory address, existent before the 
system reset, of qach of the first set of 
fundamental operaring system data; 

translating the virtual memory address of 
each of the first set of fundamental operating 
system data to a physical memory address using 
25 translation data; and 

storing each of the fundamental operating 
system data at a. location in the memory 
corresponding to the physical memory address 
determined during the step of translating. 



15 



20 



30 3. 



A method as in Claim 2, wherein the step of 
recovering the fundamental operating system data further 
comprises marking each of the translation data to indicate 
that locations in the memory that store the first set of 
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fundamental operating system data cannot be used to store 
other data. 

4. A method as in Claim 2, wherein: 

persistent data isj identified, prior to the 
5 system reset, by a tag associated with the virtual 

address of each of the persistent data; and 
the step of recovering persistent data 
comprises: 

identifying virtual memory addresses that 
10 have been tagged; 

translating each of the tagged virtual 
memory addresses to a physical memory address 
using translation data; and 

recovering data stored at the locations in 
15 the memory corresponding to the physical memory 

addresses such that other data cannot be stored, 
subsequent to the step of recovering persistent 
data, in the locations in the memory at which 
persistent data are stored. 

20 5. a method as in claim 4, wherein: 

the step of recovering the fundamental operating 
system data further comprises marking the translation 
data to indicate that looations in the memory that 
store the first set of fundamental operating system 

25 data cannot be used to store other data; and 

the step of recovering persistent data further 
comprises marking the translation data to indicate 
that locations in the memory that store persistent 
data cannot be used to store other data. 

30 6. a method as in claim 5, further comprising the 

step of constructing a list of physical memory addresses 
corresponding to locations in the memory which can be used 
to store data during the recovery subsequent to the step 
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of constructing, the list including all physical memory 
addresses corresponding to locations in the memory except 
physical memory addresses corresponding to the marked 
translation data. 

7. A method as in claim 1, wherein: 

each looation in the memory at which data is 

stored is identified by a virtual memory address; 
persistent data is identified, prior to the 

system reset, by a tag associated with the virtual 

address of each of the persistent data; and 
the step of .recovering persistent data 

comprises: 



10 



15 



20 



identifying virtual memory addresses that 
have been tagged; 

translating each of the tagged virtual 
memory addresses to a physical memory address 
using translation data; and 

recovering data stored at the locations in 
the memory corresponding to the physical memory 
addresses such that other data cannot be stored, 
subsequent to the step of recovering persistent 
data, in the locations in the memory at which 
persistent data are stored. 

8- A method as in Claim 7, wherein the step of 
25 recovering persistent data further comprises marking the 
translation data to indicate that locations in the memory 
that store persistent data cannot be use* to store other 
data . 



9. 

.30 



A method as in claim i v further comprising the 
step of constructing a list of physical memory addresses 
corresponding to locations, in the memory which can be used 
to store data during the recovery subsequent to the step 
of constructing, wherein: 
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physioal memory addresses corresponding to 
locations in the memory at which the first set of 
fundamental operating system data are stored are 
excluded from the list; and 
5 physical memory addresses corresponding to 

locations in the memory at which the persistent data 
are stored are excluded from the list. 

10. in a computer system including a microprocessor 
and a memory storing persistent data, a method for 
10 recovery contents of the memoryjt after a system reset, to 
a state that allows user control of the operation of the 
microprocessor, the method comprising the steps of: 

recovering fundamental operating system data 
such that a first set of fundamental operating system 
data is stored within the memory and such that none 
of the first set of fundamental operating system data 
xs stored in locations in the memory that stored 
persistent data prior tp the system reset; and 

constructing a list 9f physical memory addresses 
for locations in the memory which can be used to 
store data during the recovery subsequent to the step 
of constructing, wherein: 

physical memory addresses for locations in 
the memory at which the first set of fundamental 
operating system data are stored are excluded 
from the list; and 



is 



20 



30 



Physical memory addresses for locations in 
the memory. at which the persistent data are 
stored are excluded from the list. 

H~ A method as in Claim io, wherein: 

each location in the memory at which data is 

stored is identified by a virtual memory address; and 
the step of recovering fundamental operating 

system data further comprises: 
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retaining, after the system reset, the 
virtual memory address, existent before the 
system reset, of e|ach of the first set of 
fundamental operating system data; 

translating the virtual memory address of 
each of the first set of fundamental operating 
system data to a physical memory address using 
translation data; and 

storing each of the first set of 
fundamental operating system data at a location 
in the memory corresponding to the physical 
memory address determined during the step of 
translating. 



10 



12. 



A method as in Claim 11, wherein the step of 
15 recovering the fundamental operating system data further 
comprises marking each of the translation data to indicate 
that locations in the memory that store the first set of 
fundamental operating system data cannot be used to" store 
other data. 

20 13. A method as in Claim 12, wherein the step of 

constructing further comprises including all physical 
memory addresses corresponding to locations in the memory 
except physical memory addresses corresponding to the 
marked translation data. 

25 14. • m a computer system including a microprocessor 

and a memory storing persistent data, a method for 
recovery contents of the memory, after a system reset, to 
a state that allows user control of the operation of the 
microprocessor, the method- comprising the steps of: 
3 <> prior to the system reset, marking locations in 

the memory that store persistent data; and 

after the system reset, recovering the 
persistent data. 
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15 



20 
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15, A method as in Claim 14, wherein: 

each location in the memory at which data is 
stored is identified by a virtual memory address ; 

the step of marking locations in the memory 
further comprises associating a tag with the virtual 
memory address corresponding to eaoh location in the 
memory at which persistant data is stored; and 

the step of recovering persistent data further 
comprises: 

identifying virtual memory addresses that 
have been tagged; 

translating the tagged virtual memory 
addresses to physical memory addresses using 
translation data; and 

recovering data stored at the locations in 
the memory corresponding to the physical memory 
addresses such that data cannot be stored, 
subsequent to the step of recovering persistent 
data, in the locations in the memory that store 
persistent data. 
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